7110 matches found
CVE-2026-4267
The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2025-67805
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
CVE-2026-3881
The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...
WordPress Query Monitor plugin <= 3.20.3 - Reflected Cross-Site Scripting via Request URI vulnerability
Reflected Cross-Site Scripting via Request URI vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Query Monitor versions = 3.20.3...
CVE-2026-5259
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to...
WordPress Performance Monitor plugin <= 1.0.6 - Unauthenticated Blind SSRF vulnerability
Unauthenticated Blind SSRF vulnerability discovered by Afshin Shekaari in WordPress Plugin Performance Monitor versions = 1.0.6...
OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade
Summary When only a route-level group allowlist was configured, sender policy resolution silently downgraded from allowlist to open instead of preserving the configured group policy. Impact Any member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the...
CVE-2025-67805
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
CVE-2025-67805
Sage DPW 2025_06_004 contains a non-default configuration exposing unauthenticated access to diagnostic endpoints of the Database Monitor, allowing exposure of hashes and table names. The feature is disabled by default in all installations and never available in Sage DPW Cloud; Red Hat/NVD/ENISA/...
CVE-2025-67805
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
PT-2026-29528
A non-default configuration in Sage DPW 2025 06 004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW...
EUVD-2026-17585
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...
CVE-2026-3356
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...
CVE-2026-3356
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...
CVE-2026-3356 Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...
CVE-2026-3356
The CVE-2026-3356 entry concerns the MS27102A Remote Spectrum Monitor, a device that exposes an authentication bypass vulnerability. The providedConnected documents (Red Hat, ENISA EUVD, NVD/NVD-related, CISA ICS advisory, AttackersKB, CVE listing, and PT-Security) consistently describe a flaw in...
CVE-2026-3356 Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a...
CVE-2026-4267
The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI
The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-4267
The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...